Abstract: A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system.

Abstract: A data processing system accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.

Abstract: An example of a solution provided here comprises: providing a connection pool, said connection pool including a connection for each of a plurality of servers; applying a load-balancing policy to said connection pool; and assigning a connection from said connection pool to a client, according to said load-balancing policy. Another example of a solution comprises: providing a plurality of directory servers; providing a connection pool, said connection pool including a connection for each of said plurality of directory servers; applying a load-balancing policy to said connection pool; and assigning a connection from said connection pool to a client, according to said load-balancing policy. Methods for providing highly available services, systems for executing such methods, and instructions on a computer-usable medium, for executing such methods, are provided.

Abstract: A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user includes not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code.

Abstract: An extensible token framework is provided for identifying purpose and behavior of run time security objects. The framework includes a set of marker token interfaces, which extends from a default token interface. A service provider may implement one or more marker token interfaces for a Subject or a thread of execution. A service provider may also implement its own custom marker tokens to perform custom operations. The security infrastructure runtime recognizes behavior and purpose of run time security objects based on the marker or custom marker token interfaces the token implements and handles the security objects accordingly.

Abstract: A method, apparatus and computer instructions for handling propagation of custom tokens without using Java™ serialization. A service provider may plug in a first login module to add a marker token to a subject for later use by an application at run time. The marker token is then serialized by the mechanism of the present invention by invoking a get bytes method on the token. The present invention then propagates the token downstream if the token is marked forwardable. At a target server, a second login module may be plugged in to deserialize a byte array from a list of tokens and perform custom operation on the byte array retrieved from a token holder.

Abstract: A system and method is provided for reducing the complexity and improving the performance of enforcing security restrictions on the execution of program code in a runtime environment. In a preferred embodiment, units of executable code, such as methods or functions, are classified by “security level.” Code units belonging to a “trusted” security level may call any other code unit in the runtime environment, but other security levels are restricted in the code units they can call. Code units may also have “instance permissions” to allow them to have permission to call other individually-specified code units that they would normally be precluded from calling, due to their security level. The security level scheme described herein reduces the complexity of establishing permissions with respect to different code units in the runtime environment. This security level scheme also improves runtime performance by making it unnecessary to check individually-defined permissions in many cases.

Abstract: A system and method is provided for reducing the complexity and improving the performance of enforcing security restrictions on the execution of program code in a runtime environment. In a preferred embodiment, units of executable code, such as methods or functions, are classified by “security level.” Code units belonging to a “trusted” security level may call any other code unit in the runtime environment, but other security levels are restricted in the code units they can call. In a preferred embodiment, the security levels are represented by corresponding permission objects. Each permission object that is associated with a particular security level includes a numerical value that denotes that security level. Security policies can be enforced with respect to caller and callee code units by comparing numerical values of corresponding permission objects. This security level scheme also improves runtime performance by making it unnecessary to check individually-defined permissions in many cases.

Abstract: A security policy process which provides role-based permissions for hierarchically organized system resources such as domains, clusters, application servers, and resources, as well as topic structures for messaging services. Groups of permissions are assigned to roles, and each user is assigned a role and a level of access within the hierarchy of system resources or topics. Forward or reverse inheritance is applied to each user level-role assignment such that each user is allowed all permissions for ancestors to the assigned level or descendants to the assigned level. This allows simplified security policy definition and maintenance of user permissions as each user's permission list must only be configured and managed at one hierarchical level with one role.

Abstract: A method and system for providing a declarative trust association model that formalizes the way trust is established and requires corresponding authentication information to be presented in a standard format. Consequently, the application server may provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where does the user enter the request, intranet vs. internet, IP address, etc.,). The security attributes can be used in making authorization decisions.

Abstract: State management (cookie) data is encrypted so that access control data included in the cookie is unable to be modified by the user. A hashing algorithm is performed using various fields in the cookie data and the hash value is encrypted. The hash value is combined with other data such as the user identifier and a time stamp and encrypted to form a cookie value. When a request is received, the cookie data is checked. If the token value is not in the server's cache then the token is authenticated facilitating movement of the client between servers. If the cookie does not exist or is timed out, then the user is authenticated using traditional means.

Abstract: A mechanism is provided for securing cryptographic functionality within a host system such that it may only be used when a system administrator physically allows it via a hardware security token. In addition, a hardware security unit is integrated into a data processing system, and the hardware security unit acts as a hardware certificate authority. The hardware security unit may be viewed as supporting a trust hierarchy or trust framework within a distributed data processing system. The hardware security unit can sign software that is installed on the machine that contains the hardware security unit. Server processes that use the signed software that is run on the machine can establish mutual trust relationships with the hardware security unit and amongst the other server processes based on their common trust of the hardware security unit.

Abstract: A data processing system accepts a removable hardware device, which becomes electrically engaged with a system unit within the data processing system, after which the removable hardware device and the hardware security unit mutually authenticate themselves. The removable hardware device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable hardware device. In response to successfully performing the mutual authentication operation between the removable hardware device and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit.

Abstract: A system and method for integrated security roles is presented. An upstream application includes one or more role-mapping requirements that correspond to an upstream security role and a downstream security role. The upstream security role is expanded by adding an upstream security role identifier in a downstream application's role-mapping table or by adding upstream user-to-role mappings to a downstream application's role-mapping table. When an upstream security role is expanded, a user assigned to the upstream security role automatically has access to role-mapped downstream applications.

Abstract: A method and apparatus for preventing rogue implementations of a security-sensitive class interface are provided. With the method and apparatus, a unique identifier (UID) is created by a server process when the server process is started. Anytime the server process, i.e. a server runtime environment, instantiates a new credential object following start-up of the server process, the encrypted UID is placed into a private field within the new credential object. In addition, the UID is encrypted and stored in a private class of the server runtime environment. A verification class is provided within the server runtime environment which includes one or more methods that receive the credential object as a parameter and return true or false as to the validity of the credential object.

Abstract: A method and apparatus for providing a recent set of replicas for a cluster data resource within a cluster having a plurality of nodes; each of the nodes having a group services client with membership and voting services. The method broadcasts a data resource open request to the nodes of the cluster, determines a recent replica of the cluster data resource among the nodes, and distributes the recent replica to the nodes of the cluster. The apparatus is for providing a recent set of replicas for a cluster data resource. The apparatus has a cluster having a plurality of nodes in a peer relationship; each node has an electronic memory for storing a local replica of the cluster data resource. A group services client, which is executable by each node of the cluster, has cluster broadcasting and cluster voting capability.

Abstract: Integrating Java and CORBA security, including executing Java authentication of a client, including creating a Java credential object associated with a Java subject object, executing CORBA authentication of the client, including creating a CORBA credential object, and associating the CORBA credential object with the Java subject object.

Abstract: A system and method for run-as credentials delegation using identity assertion is presented. A server receives a request from a client that includes the client's user identifier and password. The server authenticates the client and stores the client's user identifier without the corresponding password in a client credential storage area. The server determines if a run-as command is specified to communicate with a downstream server. If a run-as command is specified, the server retrieves a corresponding run-as identity which identifies whether a client credential type, a server credential type, or a specific identifier credential type should be used in the run-as command. The server retrieves an identified credential corresponding to the identified credential type, and sends the identified credential in an identity assertion token to a downstream server.

Abstract: Objects on application servers may be defined into classes which receive different levels of security protection, such as definition of user objects and administrative objects. Domain-wide security may be enforced on administrative objects, which user object security may be configured separately for each application server in a domain. In a CORBA architecture, IOR's for shared objects which are to be secured on a domain-wide basis, such as administrative objects, are provided with tagged components during IOR creation and exporting to a name server. Later, when the IOR is used by a client, the client invokes necessary security measures such as authentication, authorization and transport protection according to the tagged components.

Abstract: An example of a solution provided here comprises: providing a connection pool, said connection pool including a connection for each of a plurality of servers; applying a load-balancing policy to said connection pool; and assigning a connection from said connection pool to a client, according to said load-balancing policy. Another example of a solution comprises: providing a plurality of directory servers; providing a connection pool, said connection pool including a connection for each of said plurality of directory servers; applying a load-balancing policy to said connection pool; and assigning a connection from said connection pool to a client, according to said load-balancing policy. Methods for providing highly available services, systems for executing such methods, and instructions on a computer-usable medium, for executing such methods, are provided.